Intelligent CISO Issue 17 | Page 35

 PREDI C TI VE I NTEL L I GE NC E In the early stages of a project at least, it may be a good idea to prioritise visibility and monitoring rather than enforcement and blocking, so that security is not seen as a drag on innovation. performance measurement will help to evaluate the progress of initiatives and reward success. This must be backed up by the right tools and technology, of course. Process automation can also help to reduce human error while security that is adaptive, contextual and software-based should be prioritised. Once security functionality is exposed as services via APIs it is easier to embed www.intelligentciso.com | Issue 17 into DevOps workflows in an automated manner. It can enable crucial capabilities such as continuous scanning of container images for bugs and malware along with run-time protection. In the early stages of a project at least, it may be a good idea to prioritise visibility and monitoring rather than enforcement and blocking, so that security is not seen as a drag on innovation. Security- by-design will take some time to fully embed throughout an organisation and may benefit from allocating budget to a new DevSecOps team. With DevOps, integrated security is an essential pre-requisite for success. After all, brakes aren’t there to slow you down, they’re there so that you can get to your destination faster and safer. u 35